On Sun, Jan 9, 2022 at 5:29 PM raf <post...@raf.org> wrote:

> Maybe in terms of money, but that's not the only consideration.
> If a mail server cannot (for any of a number of reasons) fire up
> a web server for LetsEncrypt domain ownership verification, then
> it gets more complicated

A DNS based challenge is also accepted. It is also not unheard of to run certbot (or equivalent) on a separate machine and push or pull the certs to the mail server.

> . The cost becomes the effort to make use
> of LetsEncrypt. And since the general assumption is that most(?)
> SMTP server certificates are self-signed anyway

The effort of setting up LetsEncrypt is offset by the long-term benefit of automatically updated certificates, IMHO.